乾貨 | 運維福音——Terraform自動化管理京東雲
乾貨 | 運維福音——Terraform自動化管理京東雲
原創: 張宏偉 京東雲開發者社區 昨天html
Terraform是一個高度可擴展的IT基礎架構自動化編排工具,主張基礎設施即代碼,可經過代碼集中管理雲資源和基礎架構,這意味着用戶可以在京東雲上輕鬆使用簡單模板語言來定義、預覽和部署雲基礎架構,可以快速將環境部署到京東雲或本地數據中心,實現多雲管理和跨雲遷移。京東雲成爲國內少數擁有Terraform Provider產品的雲廠商之一。應用場景:基礎設施即代碼、快速部署多雲環境、自動化管理下降成本。官網連接:linux
www.terraform.io/docs/provid…json
Terraform 是 Hashicorp 公司一款開源的資源編排工具,表明了業界前沿的技術和標準。相對於其餘雲上資源管理方式,具備快速建立基礎設施、高效部署多雲環境和大幅下降管理成本三大功能特性。bash
Terraform 經過代碼管理維護雲資源,可保存基礎設施資源的狀態,快速建立和維護管理雲主機、網絡、負載均衡等雲資源,並經過代碼與其餘人共享雲資源的編排配置。網絡
Terraform支持200多個基礎設施提供商,適用於多雲方案,可快速將用戶的環境部署到京東雲、其餘雲廠商或者本地的數據中心。開發者可同時管理不一樣雲廠商的資源,也可快速方便地遷移到另一個雲廠商。Terraform經過代碼批量按計劃地管理資源,可編排、重複地自動化管理雲資源,減小人爲因素形成的不肯定管理錯誤,同時能快速建立相同的開發、測試、預發和生成環境,下降開發者的管理成本。架構
本文經過簡單demo作一個技術入門的演示,目的是幫助你們瞭解如何採用Terraform來自動化管理京東雲上的資源。app
Terraform安裝
Terraform 是一個 IT 基礎架構自動化編排工具,它的口號是 「Write, Plan, and create Infrastructure as Code」, 其程序安裝在客戶的終端PC上,能夠運行於多種操做系統平臺。本文實例採用的是CentOS操做系統。負載均衡
登陸到主機後先下載一下安裝包
1[jdc@mysandbox ~]$ mkdir tf 2[jdc@mysandbox ~]$ cd tf 3[jdc@mysandbox tf]$ wget https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip 4--2019-05-16 14:41:57-- https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip 5Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.109.183, 2a04:4e42:1a::439 6Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.109.183|:443... connected. 7HTTP request sent, awaiting response... 200 OK 8Length: 21128942 (20M) [application/zip] 9Saving to: ‘terraform_0.11.13_linux_amd64.zip’1011100%[============================================================================================================================================================>] 21,128,942 4.30MB/s in 66s12132019-05-16 14:43:05 (312 KB/s) - ‘terraform_0.11.13_linux_amd64.zip’ saved [21128942/21128942]
複製代碼
解壓縮
1[jdc@mysandbox tf]$ ls2terraform_0.11.13_linux_amd64.zip[jdc@mysandbox tf]$ unzip terraform_0.11.13_linux_amd64.zip3Archive: terraform_0.11.13_linux_amd64.zip4inflating: terraform
複製代碼
直接運行程序能夠看到如下命令行的幫助信息:less
1$ terraform 2Usage: terraform [--version] [--help] <command> [args] 3 4The available commands for execution are listed below. 5The most common, useful commands are shown first, followed byless common or more advanced commands. If you're just gettingstarted with Terraform, stick with the common commands. For theother commands, please read the help and docs before usage. 6 7Common commands: 8apply Builds or changes infrastructure 9console Interactive console for Terraform interpolations destroy Destroy Terraform-managed infrastructure10fmt Rewrites config files to canonical format11get Download and install modules for the configuration12graph Create a visual graph of Terraform resources import Import existing infrastructure into Terraform init Initialize a new or existing Terraform configuration13output Read an output from a state file14plan Generate and show an execution plan15providers Prints a tree of the providers used in the configuration16push Upload this Terraform module to Terraform Enterprise to run17refresh Update local state file against real resources18show Inspect Terraform state or plan19taint Manually mark a resource for recreation20untaint Manually unmark a resource as tainted21validate Validates the Terraform files22version Prints the Terraform version23workspace Workspace management2425All other commands:26debug Debug output management (experimental)27force-unlock Manually unlock the terraform state28state Advanced state management 複製代碼
舉例:查看Terraform版本
1[jdc@mysandbox tf]$ ./terraform version2Terraform v0.11.13
複製代碼
初始化環境
Terraform訪問京東雲的服務,首先須要身份認證鑑權。認證採用Access Key與Secret key來完成。從控制檯取得AK、SK身份鑑權信息兩種方法保存:運維
方法1:將AK,SK加入運行環境
1[jdc@mysandbox tf]$ cat >> ~/.bash_profile <<EOF2> #### add Hongwei 201905163> export access_key="D4xxxxxxxxxxxxxxxxxxxxxxxxxxxx8D"4> export secret_key="7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE"5> export region="cn-north-1"> EOF6[jdc@mysandbox tf]$ . ~/.bash_profile
複製代碼
方法2:將AK,SK放入json文件
1cat >> jdcloud.tf <<EOF2provider "jdcloud" {3 access_key = "D4xxxxxxxxxxxxxxxxxxxxxxxxxxxx8D"4 secret_key = "7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE "5 region = "cn-north-1"}6EOF
複製代碼
初始化環境
1[jdc@mysandbox tf]$ ./terraform init 2 3Initializing provider plugins... 4- Checking for available provider plugins on https://releases.hashicorp.com... 5- Downloading plugin for provider "jdcloud" (0.0.1)... 6 7The following providers do not have any version constraints in configuration,so the latest version was installed. 8 9To prevent automatic upgrades to new major versions that may contain breakingchanges, it is recommended to add version = "..." constraints to thecorresponding provider blocks in configuration, with the constraint stringssuggested below.1011* provider.jdcloud: version = "~> 0.0"1213Terraform has been successfully initialized!1415You may now begin working with Terraform. Try running "terraform plan" to seeany changes that are required for your infrastructure. All Terraform commandsshould now work.1617If you ever set or change modules or backend configuration for Terraform,rerun this command to reinitialize your working directory. If you forget, othercommands will detect it and remind you to do so if necessary.
複製代碼
演示:建立一個雲主機實例
參考Terraform的聯機文檔*(www.terraform.io/docs/provid…
1resource "jdcloud_instance" "vm-1" { 2 az = "cn-north-1a" 3 instance_name = "vm-1" 4 instance_type = "g.n2.medium" 5 image_id = "bba85cab-dfdc-4359-9218-7a2de429dd80" 6 password = "cNXOxJywMU6IY7c0CgIj" 7 subnet_id = "subnet-35h6keqh4m" 8 network_interface_name = "example_ni_name" 9 primary_ip = "10.0.0.27"10 secondary_ip_count = 011 security_group_ids = ["sg-chx9tv75xa"]1213 system_disk = {14 disk_category = "local"15 device_name = "vda"16 disk_type="ssd"17 disk_size_gb = 4018}1920data_disk = {21 disk_category = "cloud"22 device_name = "vdc"23 disk_type = "ssd"24 disk_name = "exampleDisk"25 disk_size_gb = 5026 az = "cn-north-1a"2728 auto_delete = true29 disk_name = "vm1-datadisk-1"30 description = "test"31 }32}
複製代碼
plan命令能夠顯示執行計劃:
1[jdc@mysandbox tf]$ ./terraform plan 2Refreshing Terraform state in-memory prior to plan... 3The refreshed state will be used to calculate this plan, but will not bepersisted to local or remote state storage. 4 5jdcloud_instance.vm-1: Refreshing state... (ID: i-y8ye9jd6ny) 6 7------------------------------------------------------------------------ 8 9An execution plan has been generated and is shown below.10Resource actions are indicated with the following symbols:-/+ destroy and then create replacement1112Terraform will perform the following actions:1314-/+ jdcloud_instance.vm-1 (new resource required)15id: "i-y8ye9jd6ny" => <computed> (forces new resource)16az: "cn-north-1a" => "cn-north-1a"17data_disk.#: "1" => "1"18data_disk.0.auto_delete: "true" => "true"19data_disk.0.az: "cn-north-1a" => "cn-north-1a"20data_disk.0.description: "test" => "test"21data_disk.0.device_name: "vdc" => "vdc"22data_disk.0.disk_category: "cloud" => "cloud"23data_disk.0.disk_id: "vol-fhvqnjyxw7" => <computed>24data_disk.0.disk_name: "vm1-datadisk-1" => "vm1-datadisk-1"25data_disk.0.disk_size_gb: "50" => "50"26data_disk.0.disk_type: "ssd" => "ssd" image_id: "bba85cab-dfdc-4359-9218-7a2de429dd80" => "bba85cab-dfdc-4359-9218-7a2de429dd80"27instance_name: "vm-1" => "vm-1"28instance_type: "g.n2.medium" => "g.n2.medium"29ip_addresses.#: "0" => <computed>30network_interface_name: "example_ni_name" => "example_ni_name"31password: <sensitive> => <sensitive> (attribute changed)32primary_ip: "10.0.0.27" => "10.0.0.27"33secondary_ip_count: <sensitive> => <sensitive> (attribute changed)34security_group_ids.#: "1" => "1"35security_group_ids.4008937636: "sg-chx9tv75xa" => "sg-chx9tv75xa"36subnet_id: "subnet-35h6keqh4m" => "subnet-35h6keqh4m"37system_disk.#: "1" => "1"38system_disk.0.auto_delete: "true" => <computed>39system_disk.0.az: "" => <computed>40system_disk.0.device_name: "vda" => "vda"41system_disk.0.disk_category: "local" => "local"42system_disk.0.disk_id: "" => <computed>43system_disk.0.disk_name: "" => <computed>44system_disk.0.disk_size_gb: "40" => "40"45system_disk.0.disk_type: "" => "ssd" (forces new resource)
複製代碼
提交執行:
1[jdc@mysandbox tf]$ ./terraform apply -auto-approve
2jdcloud_instance.vm-1: Creating...
3az: "" => "cn-north-1a"
4data_disk.#: "" => "1"
5data_disk.0.auto_delete: "" => "true"
6data_disk.0.az: "" => "cn-north-1a"
7data_disk.0.description: "" => "test" 8data_disk.0.device_name: "" => "vdc" 9data_disk.0.disk_category: "" => "cloud"10data_disk.0.disk_id: "" => "<computed>"11data_disk.0.disk_name: "" => "vm1-datadisk-1"12data_disk.0.disk_size_gb: "" => "50"13data_disk.0.disk_type: "" => "ssd"14image_id: "" => "bba85cab-dfdc-4359-9218-7a2de429dd80"15instance_name: "" => "vm-1"16instance_type: "" => "g.n2.medium"17ip_addresses.#: "" => "<computed>"18network_interface_name: "" => "example_ni_name"19password: "<sensitive>" => "<sensitive>"20primary_ip: "" => "10.0.0.27"21secondary_ip_count: "<sensitive>" => "<sensitive>"22security_group_ids.#: "" => "1"23security_group_ids.4008937636: "" => "sg-chx9tv75xa"24subnet_id: "" => "subnet-35h6keqh4m"25system_disk.#: "" => "1"26system_disk.0.auto_delete: "" => "<computed>"27system_disk.0.az: "" => "<computed>"28system_disk.0.device_name: "" => "vda"29system_disk.0.disk_category: "" => "local"30system_disk.0.disk_id: "" => "<computed>"31system_disk.0.disk_name: "" => "<computed>"32system_disk.0.disk_size_gb: "" => "40" system_disk.0.33disk_type: "" => "ssd"jdcloud_instance.vm-1: Still creating... (10s elapsed)34jdcloud_instance.vm-1: Still creating... (20s elapsed)35jdcloud_instance.vm-1: Still creating... (30s elapsed)36jdcloud_instance.vm-1: Still creating... (40s elapsed)37jdcloud_instance.vm-1: Still creating... (50s elapsed)38jdcloud_instance.vm-1: Still creating... (1m0s elapsed)39jdcloud_instance.vm-1: Creation complete after 1m1s (ID: i-y8ye9jd6ny)40Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
複製代碼
成功提交後,咱們能夠在控制檯看到正在運行的實例建立過程:
建立完成後登陸主機查看是否與定義文件符合:
- 查看磁盤劃分是否一致:
- 查看IP地址是否一致:
演示:銷燬實例
經過destroy命令能夠方便的刪除實例。
1[jdc@mysandbox tf]$ ./terraform destroy 2jdcloud_instance.vm-1: Refreshing state... (ID: i-y8ye9jd6ny) 3 4An execution plan has been generated and is shown below. 5Resource actions are indicated with the following symbols: - destroy 6 7Terraform will perform the following actions: 8 - jdcloud_instance.vm-1
910Plan: 0 to add, 0 to change, 1 to destroy.1112Do you really want to destroy all resources?13 Terraform will destroy all your managed infrastructure, as shown above.14 There is no undo. Only 'yes' will be accepted to confirm.1516 Enter a value: yesjdcloud_instance.vm-1: Destroying... (ID: i-y8ye9jd6ny)1718jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 10s elapsed)19jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 20s elapsed)20jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 30s elapsed)21jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 40s elapsed)22jdcloud_instance.vm-1: Destruction complete after 41s2324Destroy complete! Resources: 1 destroyed.
複製代碼
在控制檯上查看刪除進度:
Terraform自動編排的流程
以上只是演示了Terraform管理京東雲最簡單的流程。實際上經過Terraform完成複雜的編排,徹底能夠完成一個複雜的大型環境的部署與管理。如下是Terraform的流程:
到此,咱們的演示就結束了。
你們能夠本身動手試一下這種簡潔高效的京東雲自動化管理工具了。
點擊「閱讀原文」瞭解更多京東雲詳情
京東雲618大促,正在進行時!
最低1折
推薦
閱讀
RECOMMEND
相關文章
- 1. 乾貨 | 運維福音——Terraform自動化管理京東雲
- 2. 【技術乾貨】雲端自動化運維
- 3. 乾貨 | 京東雲帳號安全管理最佳實踐
- 4. 乾貨:IT運維管理規劃
- 5. 運維的福音,深度剖析騰訊雲自動運維平臺
- 6. 乾貨 | 京東雲數據庫 RDS助力企業便捷運維
- 7. shell + ansible + gateone 自動化運維管理
- 8. 京東數據庫運維自動化體系建設之路
- 9. 技術沙龍|京東雲DevOps自動化運維技術實踐
- 10. 自動化運維管理工具ansible
- 更多相關文章...
- • Maven 自動化部署 - Maven教程
- • Swarm 集羣管理 - Docker教程
- • SpringBoot中properties文件不能自動提示解決方法
- • IntelliJ IDEA中SpringBoot properties文件不能自動提示問題解決
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
